Mailing List Archive

Tarpit SPAM valid in this day in age.
Good day Guys

Just something I thought I would like to double check with the community.

I am part of a team that has inherited some mail servers, and going
through the Exim config, we are seeing some very old terminologies and
methods used to try and curb spam.

One that I am seeing is

https://pastebin.com/RqDkQJUD

So my question is, is Exim tarpitting still a valid tool to try and tie
up spammers resources in this day and age?

I tried Googling, but the latest I could find was from 2011.

Regards
Brent


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Tarpit SPAM valid in this day in age. [ In reply to ]
On 10/12/2018 09:42, Brent Clark via Exim-users wrote:
> So my question is, is Exim tarpitting still a valid tool to try and tie
> up spammers resources in this day and age?

It takes out 50% of my connection load.
--
Cheers,
Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Tarpit SPAM valid in this day in age. [ In reply to ]
On Mon, 10 Dec 2018, Brent Clark via Exim-users wrote:

> From: Brent Clark via Exim-users <exim-users@exim.org>
> To: exim-users@exim.org
> Date: Mon, 10 Dec 2018 09:42:12
> Subject: [exim] Tarpit SPAM valid in this day in age.
>
> Just something I thought I would like to double check with the
> community.
>
> I am part of a team that has inherited some mail servers, and
> going through the Exim config, we are seeing some very old
> terminologies and methods used to try and curb spam.
>
> One that I am seeing is
>
> https://pastebin.com/RqDkQJUD
>
> So my question is, is Exim tarpitting still a valid tool to try
> and tie up spammers resources in this day and age?
>
> I tried Googling, but the latest I could find was from 2011.

OpenBSD uses a specific daemon:

https://man.openbsd.org/spamd

to perform blacklisting, greylisting, tarpitting etc.

(Don't confuse this with SpamAssassin's "spamd". They're completely
different.)

I gather that spamd used in conjunction with pf (their packet
filter) and a real mail daemon can be effective. I've never had to
use such a setup myself.
--
Dennis Davis <dennisdavis@fastmail.fm>

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Tarpit SPAM valid in this day in age. [ In reply to ]
On 10 December 2018 8:42:12 pm AEDT, Brent Clark via Exim-users <exim-users@exim.org> wrote:
>Good day Guys
>
>Just something I thought I would like to double check with the
>community.
>
>I am part of a team that has inherited some mail servers, and going
>through the Exim config, we are seeing some very old terminologies and
>methods used to try and curb spam.
>
>One that I am seeing is
>
>https://pastebin.com/RqDkQJUD
>
>So my question is, is Exim tarpitting still a valid tool to try and tie
>
>up spammers resources in this day and age?

It's hard to say. There are certainly situations where tarpitting is a net win for the defender still. But spammers seem to come in many shapes and sizes. However if you are tarpitting and the spammer does adapt to sending rates based on destination then you may avoid ever being the target of these messages. However with the number of times you see messages coming from hosts in a botnet that just try sending indiscriminately cuts down on this. Thankfully these can probably be avoided earlier in the piece via ip blacklists.

>
>I tried Googling, but the latest I could find was from 2011.
>
>Regards
>Brent

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Tarpit SPAM valid in this day in age. [ In reply to ]
On 10 December 2018 8:42:12 pm AEDT, Brent Clark via Exim-users <exim-
users@exim.org> wrote:
>Good day Guys
>
>Just something I thought I would like to double check with the
>community.
>
>I am part of a team that has inherited some mail servers, and going
>through the Exim config, we are seeing some very old terminologies and
>methods used to try and curb spam.
>
>One that I am seeing is
>
>https://pastebin.com/RqDkQJUD
>
>So my question is, is Exim tarpitting still a valid tool to try and tie
>
>up spammers resources in this day and age?

It's hard to say. There are certainly situations where tarpitting is a net win
for the defender still. But spammers seem to come in many shapes and sizes.
However if you are tarpitting and the spammer does adapt to sending rates
based on destination then you may avoid ever being the target of these
messages. However with the number of times you see messages coming from hosts
in a botnet that just try sending indiscriminately cuts down on this.
Thankfully these can probably be avoided earlier in the piece via ip
blacklists.

>
>I tried Googling, but the latest I could find was from 2011.
>
>Regards
>Brent


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/